Last updated: 
5 months 1 week ago
Group Manager
The use of a two factor system to authenticate users to access online services is not new but a topic of great interest to Janet and the UK research and education community. Recently, conversations have taken place across various groups and stakeholders regarding the benefits (or not) of using two factor, and around the various options there exist. This community group has been set up to create a point where experiences and ideas, and use cases for two factor authentication can be made and discussed.

Group administrators:

Two factor options

11 September 2014 at 8:03pm

In some online services specific functions to be carried out present good use cases for adding increased assurance to the authentication of the user logging in to perform such a task, for example to sign domains with DNSSEC or for the approval of Extended Validation SSL certificate requests.

There are many different methods for two factor authentication including hardware tokens, user certificates, SMS text and a standards based Google Authenticator-type system etc. Some of these options can be deployed in a variety of ways, for example the use of Yubikey as a hardware token, or a Time-based One-time Password Algorithm (TOTP) running on a smartphone app or in a web browser plug-in. 

The question I’m interested in is which is the preferred two factor option for those users served directly by Janet, not necessarily end users such as students?

Feel free to add your comments below.

Should you wish to add a more substantial response or upload a document please feel to join this group where you will be given ‘contributor’ access.